Ask stories

Last week I rented a BMW from Sixt (Italy).

The default rental driver profile had Bluetooth disabled, so I created my own BMW ID, paired it with the car, removed the existing profile, and even triggered software updates.

When returning the car, I told the Sixt representative that I had linked my BMW ID — they assured me that the vehicle would be reset.

Today — just before deleting the “My BMW” app — I checked out of curiosity.

Surprise: I still had full remote access:

- live location tracking

- remote lock/unlock

- honking (hehe)

- turn lights on/off

At this point, the car was presumably already rented to someone else. I could track the new renter’s location and remotely interact with the car.

IMO, this exposes a serious security/privacy issue:

- BMW ConnectedDrive still had my account associated to the vehicle VIN

- Sixt’s reset procedure didn’t revoke my BMW ID access

I suspect this may not be limited to Sixt, but could affect other rental fleets using ConnectedDrive if proper backend disassociation isn’t done.

BMW allows fleet integrations via ConnectedDrive Fleet Services, but I wonder how many rental cars globally still have previous renters’ IDs attached.

I have been wondering with the total slop that is social media where to get well written and interesting news from. I am not only interested in tech or politics but other topics as well. What are your suggestions?

This is just a PSA for anyone unfortunate enough to have to use iwantmyname.

TL;DR: Generation of EPP auth codes for many TLDs is completely broken, and support appears to be out to lunch.

We've been long-time customers of iwantmyname (our first invoice goes back to 2014). We generally only used them for registration of TLDs that were unavailable on Google Cloud Domains (RIP) or Route 53.

We have rarely had cause to use their support as we typically nameserved away to external DNS solutions - but the few times we did it seemed fine. However, as many of the domains we originally registered on iwantmyname now have TLDs which are supported by our other infrastructure providers we have begun the slow process of migrating off of the platform.

On June 7th of this year, iwantmyname released a new, "upgraded" dashboard. However, since this update the generation of EPP auth codes for transfer out of the system - a requirement of ICANN as well as most international TLD governance bodies - is completely broken. When attempting to view an EPP Auth code via the dashboard, it shows an empty input or a value of "N/A". When attempting to email the EPP Auth code from the same dashboard, the emails send with a value of "n/a".

We have raised 6 separate support cases over the past two weeks, including attempting to raise them on chat during both US and NZ working hours, and have received zero response. Nada, nothing, zilch.

We haven't been able to thoroughly test all of our domains (we are in the process of that now), but to date these are the TLDs we've seen this issue affecting:

  - .es
  - .at
  - .in
  - .blue
  - .quest
  - .us
  - .com.au (some EPP Auth codes are available)
  - .au (some EPP Auth codes are available)
  - .nz (some EPP Auth codes are available)

I have been in a rut hyper-focusing on ways the internet is used for bad (disinformation, harvesting info, bullying). It would be lovely to hear some ways the internet is being used for good. From general things like rapid knowledge sharing to more obscure or specific!

Need some real life advice and stories from experienced folks.

I’ve been working for few years in a large company (think faang as a good approximation) in one of the departments under 1 manager. Relatively good one.

Then by the will of higher ups some teams got drastically reorged and I ended up in a different team with a new manager. Terrible one.

Micromanagement, lack of vision, poor communication, poor planning, zero support, full package. About half the team share similar view. The other half seems like just playing along.

To add more context the overall management culture in the company is neither toxic nor great. There is definitely hierarchy and go over her head doesn’t sound like a good idea. Internal movements are basically non existent.

I still care about the mission and about what I do. Though not as much as before this all happened.

What would you do in my shoes to make the best of the situation?

I’ve been working on a browser-based image editor written in C++, and when I tell my friends about it, the most common reactions I get are “Huh???” and “Why???” ...Let’s break it down.

First: Wait, how does C++ run in the browser? I’m not just tossing raw C++ into a browser tab. The browser only knows how to speak 2 languages: JavaScript and WebAssembly. WebAssembly (WASM) is a bytecode language that is interpreted in the browser. The trick is to write C++ functions and compile them to WASM using Emscripten. Javascript still controls the DOM, so WASM can’t do everything - you’ll have to call the C++ functions from JavaScript.

If Javascript and WASM need to work together, they’ll need a way to communicate and transfer data! To do this, JS allocates shared buffers, writes data into it, then calls into C++ using ccall. The C++ function processes the data and returns control to JS, which can then read from the shared buffers.

C++ compilers typically mangle function names by encoding additional information—like parameter types—to support features like function overloading and prevent naming conflicts. To make C++ functions accessible from JavaScript, I used “extern C”, a directive that tells the compiler to preserve the original function names and disable name mangling.

And yes, if you mismanage memory allocation or forget to free, you can cause undefined behaviours your browser app

Second: Why go through all this trouble? Image editing—especially with real-time filters, frequent canvas updates, and support for dozens (or even hundreds) of layers—is computationally heavy. JavaScript alone may not keep up, especially when you're pushing for high performance and smooth UX.

Why? Because JavaScript is an interpreted language—it’s read and executed line by line at runtime, which adds overhead. WebAssembly, on the other hand, is a lower-level bytecode. When you compile C++ to WASM, you get the benefits of LLVM's compiler optimizations along with the portability of the web.

So even though WASM is still technically interpreted, it's much closer to machine code and runs at near-native speed. That means complex image processing operations—like applying custom filters or merging high-resolution layers—can happen fast, without freezing the browser or dropping frames. The end result? A frontend that feels like a native desktop app, but runs in your browser.

For anyone who's interested, here's the GitHub repo! https://github.com/alicehe2003/ImageEditor

This project was inspired by how Figma is built!

https://www.linkedin.com/posts/alice-he-95406b293_github-alicehe2003imageeditor-web-based-activity-7340407818077859842-r3FK?utm_source=share&utm_medium=member_desktop&rcm=ACoAAEcFpZABjEOydMovU7l8KMPjazq9tzhE9Rc

Throughout my career, I've received incredible kindness and inspiration from experienced people - professors, and strangers who invested time in me when I feel like I had little to offer in return. While I always express gratitude and try to pay it forward, I often feel there's still an imbalance. I feel like I owe something more direct to the specific people who shaped my life.

How do you meaningfully give back to people who helped you early on (when you literally have nothing...haha)? What forms of gratitude have you found most meaningful?

Appreciate any comments.

This question's for all those cool projects or skills you're secretly fascinated by, but haven't quite jumped into. Maybe you feel like you just don't have the right "brain" for it, or you're not smart enough to figure it out, or even worse, you simply have no clue how or where to even start.

The idea here is to shine a light on these hidden interests and the little (or big!) mental blocks that come with them. If you're already rocking in those specific areas – or you've been there and figured out how to get past similar hurdles – please chime in! Share some helpful resources, dish out general advice, or just give a nudge of encouragement on how to take that intimidating first step.

Let's help each other get unstuck!

At our startup, engineers don't build features anymore. They build APIs that internal tools like Zapier, Make and N8n can connect to. Most "features" like running an SQL query, sending a push notification when product X is ordered gets built by ops or product folks using those tools.

If you've got the idea, you build and ship it yourself. It's fast, empowering and it keeps engineers focused on building a reliable, scalable, secure set of APIs. It also forces us to write better, cleaner APIs and the APIs stay stateless and focused. Debugging can be hard and sometimes duct-tape logic quietly piles up.

I think it's better than the usual model where eng is the bottleneck for every new flow. Has anyone else tried this kind of setup? Where does it fall down or is it the new normal?

Companies building software in the US were hit hard a few years ago when the tax code stopped allowing deduction of software dev expenses. Now they have to be amortized over several years.

HN has had many discussions about this, including The time bomb in the tax code that's fueling mass tech layoffs - https://news.ycombinator.com/item?id=44180533 - (927 comments) a few days ago. Other threads are listed at https://news.ycombinator.com/item?id=44203869.

There's currently a major effort to get this change reversed. One of the people working on it is YC's Luther Lowe (https://news.ycombinator.com/user?id=itsluther). Luther has been organizing YC alumni to urge lawmakers to support this reversal. I asked him if we could do that on Hacker News too. He said yes—hence this thread :)

If you're a US taxpayer and if you agree that software dev expenses should be deductible like they used to be, please sign this letter to the relevant committee members: https://docs.google.com/forms/d/1DkRGeef2e_tU2xf3TyEyd2JLlmZ....

(If you're not a US person, please don't sign the letter, since lawmakers will only listen to feedback from taxpayers and we don't want to dilute the signal.)

I'm sure not everyone here agrees with us—HN is a big community, there's no total agreement on anything—but this issue has as close to a community consensus as HN gets, so I think it makes sense to add our voices too.

Luther will be around to answer questions and hopefully HN can contribute to getting this done!

For the sake of argument, assume that if your job consists of sitting at a computer, reading on a screen, and typing on a keyboard, then your career will go away.

There is always room at the top, and there may always be room for humans at the top of any career. Assume (this is a tough ask, I know) that you are NOT one of those people.

What is your fallback job? What skills do you have or would like to acquire that might keep you going? Bicycle mechanic? Teach music to children? Woodworking/carpentry? (Living off your stock options or investments does not count)

My experiences with coding chatbots has been underwhelming. What I would like is something that works like the following:

I write a file with comments in the file of what I expect the code to be doing at this point in the code. When I run the agent to build or compile these descriptions

it should of course provide the methods outlined, if it feels the need to create other parts of the code than what I have specified it should make comments about why it decided this and what the code it makes does.

Essentially I want an agent that allows me to approach non-literate programming in a literate programming manner/workflow https://en.wikipedia.org/wiki/Literate_programming

If you have some ideas as to how I can get to this please share, if you think it will not ever be possible to produce something like go ahead and share that too (although I think it should be)

Note I do not want an interactive bot doing stuff WHILE I type, I want an AI build step. Why? Because I type really quick without errors having worked as a data entry guy in my early 20s. The interactive bots make me slower and generally don't have good inputs most of the time.

I bet this is probably doable and a lot of you are thinking why doesn't this guy just do X or Y, but that's the thing - all I've experienced so far is the non-satisfactory interactive bots, and researching the matter the world's most popular broken search engine has been unsatisfactory, so hopefully people here can explain what to do to get what I want.

Hi all, I was wondering what books/courses/projects one might do to learn CUDA programming.

(To be frank, the main reason is a lot of companies I'd wish to work for require CUDA experience -- this shouldn't change your answers hopefully, just wanted to provide some context )

Hey I have been working on a solution to prevent secrets from committing to VCS repos, so far have prevented 10+ AWS keys from accidentally being committed. Github has an offering but it's very costly for our team. Does anyone of you want to try out ?

Well, it's been a while since I touched this theme. 6 years ago, I launched a job board trying to fight ageism in tech (https://news.ycombinator.com/item?id=20252097)

It did super well in terms of upvotes and comments but not $ speaking (made $0)

This seems to be a current problem but what's the solution?

Obviously they both offer an incredible service but competition is always good!

I want to start studying and exploring math for a hobby. I had Engineering mathematics during University days, and also enjoy discovering interesting computer science algorithms. Looking for interesting, engaging books that don't require toooo much thinking.

I’m good at routines and habits, so my baseline productivity is solid, but I often struggle to break down larger, abstract goals into clear, actionable steps. For example, goals like "get a higher-paying job with more interesting coworkers" can feel overwhelming unless I outline specific tasks like researching the job market, learning relevant skills, or setting clear milestones.

I’d like to get better at this planning skill, turning broad goals into manageable steps, and am looking for recommendations:

Practical books or articles on planning and goal-setting.

Useful frameworks or techniques you've personally tried.

Courses, coaching, or communities that focus on this skill.

Hello HN, What do you think will lose value and what will gain value as a result of text-to-product AI?

Given the recent WWDC announcement of Apple’s Liquid Glass design language and the subsequent discussion on their functional usefulness in conveying visual hierarchy of affordances, I’m wondering if some lessons could also be taken from an environment that had evolved in parallel -- that of video game interfaces, whose trend initially started out being a vehicle to facilitate immersion via stylized decorations (see: Warcraft and StarCraft), then underwent a phase of minimalism (reflector sight-esq monochromatic HUD overlays) before finally settling on something that is a mixture of stylized and functional thanks to a design pressure of needing to convey glanceable information during fast-paced gameplay without getting in the way.

For a specific case study I’d like to ask what HN thinks of the UI design language of Minecraft, specifically the semi-3D button and slider looks motivated by a need to convey visual hierarchy given a constrained pixel-art granularity budget.

It utilizes different shades of grey borders to convey a sort of faux surface-normal highlight on beveled edges to indicate whether the element is raised or sunken.

I think this is an interesting innovation of min-maxing the visual complexity budget, perhaps the modern beveled-glass design language could draw some inspirations from here?

If you’re working on a project with designers, devs, managers — lots of moving parts, how do you usually collect feedback?

I get that most people just drop a text or WhatsApp, or talk face-to-face. But what I’m really curious about is ad-hoc feedback on UIs.

Do on-site feedback widgets actually work? Would you use one if it let you leave powerful, contextual feedback right where it matters?

Would love to hear from anyone who’s dealt with this.

I was reading this recently shared post on the promise of CAR-T therapy for cancer[1]. However, it seems that it may not be universally applicable to all cancers[2], including breast cancer.

What have we discovered (and made available as treatment) for advanced breast cancers?

[1]: https://news.ycombinator.com/item?id=44219379 [2]: https://pmc.ncbi.nlm.nih.gov/articles/PMC8990477/

Lately it seems like we're drowning in a tidal wave of new products, all expecting $10+ a month as subs. Is this really sustainable in the long run? Or am I missing something?

This struck me as an interesting sci-fi writing exercise. Gas stations are everywhere; but they'll likely change considerably going forward.

Imagine visiting a gas station in 2040:

• will it sell gas?

• what convenience items will it sell?

• who, if anyone, will staff it?

• what payment methods will it accept?

• what signage and decor will it use?

• will it offer new services?

I'm managing a long-term team member who has become very difficult to manage. They appear polite, cooperative, never openly push back. They acknowledge requests, attend meetings, and respond professionally.

But in reality:

- Tasks come back half-done, again and again

- Feedback is acknowledge and then ignored

- Bugs get buried in vague responses like “works on my side”

- Messages are not replied to sometimes, or they claim “was busy, didn’t see it”

- They never say “no,” but everything gets stuck in this slow grind

They’re not openly insubordinate. Just draining.

We can’t fire them easily as they're here for over 10 years they haven’t broken any rules or gross misconduct.

But they’ve made themselves completely unreliable in the last few months.

Anyone dealt with this kind of passive resistance?

How do you actually move someone like this — or do you just sideline them and minimize the damage?

Interesting to understand how you use it in real life scenarios.

I use it mainly to research the web, research competitors.

I used it for JTBD to explain the step-by-step process of our client's business flow (I am a b2b PM). Then, I checked with the colegue that worked with such clients for 10 years and got only two edis from her.

And the last thing I use Cursor with our GitHub repo to make SQL queries to our DB, and just exploring the already made logic (because we don't have any documentation, the only way to understand the parts we made is to ask Claude)

What about you? How do you use LLM's day to day?

I've always worked with text, but I only started digging deep into understanding Unicode this year.

What do HN people have to say about Unicode and UTF-{8,16,32}? Are there parts you've never really understood? Have you had unexpected bugs due to misunderstood properties of text?

At a glance, most developer conferences seem focused on boasting about minutiae and implementation details ("I've done X", "Lessons learned from fixing Z", and so on). While those are fun to attend and are indeed relevant to a stack, framework, platform, or language, they often restrict the human side of software development to fun marginalia.

Do you know of a developer conference that covers key skills such as communication, teamwork, and personal growth, even as the main track? Or those are all considered to be orthogonal to shipping code and thus less valuable, important, or interesting?

I'm doing this part time work with another "senior/staff" developer who got tired of writing lots of code with nodejs and decided the way to go was doubling down on aws - and the various tools provided. His new stack is as follows

- dynamodb - nodejs lambda functions - s3 - cdk to setup infra, attach lambda's to various resources

nearly all our features rely on the following "common/reuseable" existing code. This is thoroughly tested because they are reused in multiple projects. -> we have a core set of infra/lambda code that does common things like -> authorization/authentication/accounts - using auth0 behind the scenes - for user management -> billing - using a stripe setup. we have ddb table, webhooks and various lambda to support billing based on accounts above -> managing uploads - presigned and direct multipart/form-data uploads and saving metadata in dd -> creating and tracking jobs - via sqs -> have api as a service module that helps us track useage for api's being sold to public

For a typical project, we spin up the above existing infra Add custom infrastructure to do things specific to the project This typically involves -> adding an api gateway and attaching lambda handlers -> and so on.

My question is Which of you do something similar How do you organize reuseable code - do you create your own custom constructs library? Do you have one giant gateway that custom apis get attached to or you create new gateways to do whatever.

RPA helped with task-level automation, but today’s enterprise processes demand more than macros and scripts. We’re seeing the rise of AI agents—context-aware, multi-system, and even collaborative. Curious how others are seeing this shift from automation to orchestration. Thoughts?